About Me

Reputability are thought leaders in the field of reputational risk and its root causes, behavioural risk and organisational risk. Our book 'Rethinking Reputational Risk' received excellent reviews: see www.rethinkingreputationalrisk.com. Anthony Fitzsimmons, one of its authors, is an authority and accomplished speaker on reputational risks and their drivers.
Reputability helps business leaders to find these widespread but hidden risks that regularly cause reputational disasters. We also teach leaders and risk teams about these risks.
Here are our thoughts, and the thoughts of our guest bloggers, on some recent stories which have captured our attention. We are always interested to know what you think too.

Monday, 16 December 2013

Some parts of Government are in 'desperate failure' and across the whole of Whitehall there is 'an inability to learn the lessons of failure and speak openly and truthfully to each other'. That is what Bernard Jenkin, Chair of the Public Administration Select Committee in the UK’s House of Commons, believes according to a report by the journal Civil Service World (CSW).

For an example of what he means, we need look no further than the Department of Work and Pensions’ (DWP’s) flagship Universal Credit Scheme. Only last week, Secretary of State Ian Duncan-Smith was forced to defend implementation delays and admit that upwards of £40m has been lost on an abandoned IT system which was simply not fit for purpose.

The story didn’t begin there. In September the National Audit Office (NAO) highlighted delivery problems on Universal Credit citing a 'fortress mentality' and 'a culture of good news reporting that limited open discussion of risks and stifled challenge'.

Dame Anne Begg, Chair of the Commons Work and Pensions Committee, has criticised the DWP for 'an inability of ministers to admit there was anything going wrong in the Department'. Asked by CSW whether it is possible for DWP civil servants 'to speak truth to power' she said 'I think it's difficult, and the attitude is set from the top'.

If true, such attitudes have very worrying implications for sound decision making and good governance. Adding to the concerns is a recent survey from CSW and the marketing firm Claremont which found that 'just 9% of civil servants surveyed believe that ministers and senior managers openly encourage challenge, debate and reporting of operational problems'.

A recent study from Reputability, 'Deconstructing Failure: Insights for Boards' determined that amongst the key root causes of corporate crises were risk blindness exhibited by those at the top and defective information flows throughout the organisation.

If difficult news is seen as unwelcome by managers, it is easy to understand how individuals might withhold particular unwelcome data or disguise unpalatable truths so as not to be seen to be rocking the boat. Unfortunately, the consequences of misreporting or being economical with the truth can have devastating results for the organisation and its corporate reputation.

Examples from the business world abound, but the debacle surrounding the delays to the EADS Airbus A380 and the Toyota 'accelerator surge' recall in the USA are particularly telling examples of delayed or inadequate reporting of problems which had severe adverse consequences. In both instances the financial cost of insiders holding back critical information from leaders ran to billions, bringing with them immense loss of reputational capital.

Fortunately there are signs that not all in Government are blind to these dangers. Speaking recently at the annual Civil Service Awards ceremony the Prime Minister encouraged his audience 'to talk truth to power and tell it like it is'. He added, 'That is really important. Don't stop doing it.'

Wednesday, 4 December 2013

Thinking back over discussions with
FTSE Chairmen about optimum board structures for effective governance, I was
struck by how often the subject of “corporate reputation” recurs.

This is not surprising.Studies show that the bigger the
organisation, the more value is contributed by reputation.In the FTSE100, corporate reputations are
contributing on average, 32 per cent of companies’ market cap. By comparison,
reputations add an average 14 per cent of value to FTSE250 companies.

Whatever the precise figure, few
doubt that reputation is a significant business asset even though it doesn't appear in the balance sheet.It is interesting therefore, to ask why more
businesses do not organise themselves at board level specifically to protect
and enhance their reputation.A few have
a “reputation” committee alongside those of “audit”, “remuneration” and perhaps
“risk” but most do not.Those that do
often seem to see managing reputational risk as a PR issue.

Perhaps boards believe that they have
an innate ability to manage this most valuable asset. Maybe they think that reputation management is
covered by existing processes.They shouldn’t.The 2011 report from a high level workshop, 'Policy and Governance for Risks to Reputation',
led by Airmic and Reputability concluded that boards should take ‘deliberate
responsibility’ for risks to reputational capital, highlighting that standard
risk management wouldn’t systematically find the risks that cause reputational
damage.

Recent research
shows that nearly half - 48 per cent - of in-house communications directors do
not think that their boards take responsibility for the organisations’
reputation.If the ethics and tone, the
aspirations and the heritage of an organisation are not set and proactively
managed by the board, who has the authority to lead on them?

It’s not only communication
professionals who see this lack of credible leadership.Results from the Edelman Trust Barometer show that public trust in what CEOs say has never been
lower.When asked: “If you heard
information about a company from one of these people, how credible would that
information be?” the number citing a CEO as reliable rose to 40% in 2013, having only been higher once in the last 5 years.It is no consolation that government
officials and regulators were even less trusted.

In our transparent, internet-accelerated world, reputation and risks to it need to be taken out of the traditional
silos of risk, Human Resources, Public Relations and Investor Relations.It is time for boards to take responsibility
for reputation, that most valuable yet vulnerable of assets.It's too precious to be delegated.

Saturday, 9 November 2013

Targets create incentives to behave in ways that will achieve a particular result. Sometimes the incentives are hidden - such as when staff fear to report bad news.

The latest example, explained in more detail in the Guardian,
is that National Health Service managers at Colchester hospital now "fear that at least 6,000 patients may have had their records falsified to meet treatment targets".

We humans are versatile. Face with a target, we can see many paths to
the appearance of success. We can embrace the principles behind the
target-setter’s good intention; or we can cover up poor performance or
cheat. Culture also plays an important role in how we behave.

It’s not as simple as a matter of how targets are designed and enforced.
Human characteristics include behaviours such as creativity, guile and
dishonesty. That is why targets, and the incentives they create,
should also be seen - and managed - as risks. This creates a vital
independent feedback loop that can deal with the risk of self-delusion
by leaders and managers.

Risks from unintended or poorly designed incentives regularly bring big organisations to their knees.
If you need evidence, read the case studies in ‘Roads to Ruin’, the
Cass Business school report for Airmic. Subsequent research,
‘Deconstructing failure – Insights for boards’ found that 40% of the 40
major crises dissected had incentives emanating from board level as one of their root causes.

It may be that the targets saved lives overall. But if it did so at the cost of developing a culture of lying and covering-up at the hospital, that is dangerous. The studies in 'Roads to Ruin' show how easily a small lie turns into a huge one, with disastrous consequences. Patient safety depends on an open learning culture. That only works if the truth is welcomed however unpleaseant.

Wednesday, 16 October 2013

Bankers were painted in varying shades of amorality and incompetence after the banking crisis. The City Values Forum has spent two years trying to re-set and restore standards of integrity among London bankers.

The Forum's conference, on 15 October, publicised their progress. They have plenty to say on what integrity might look like. With help from the City HR Association, they have produced a 'Gold Standard' for 'Performance linked to values'.

But they have ducked two important issues, raised by Anthony Hilton. The first has to do with implementation. How do you ensure that the desired values are lived consistently from top to bottom of the organisation?

Andrew Hill in the FT has highlighted the importance of behavioural change programmes, but a vital part of the answer is leadership: as John Griffith-Jones of the FCA commented, "If [tone] comes from halfway down… it just doesn’t have the same impact”. It is even worse if the leaders set the tone but don't live by it - what Philippa Foster Back pithily calls the "say-do" gap. Who has the means or authority to bring top leaders back into line - assuming that their double standards are recognised for what they are?

The second problem has to do with bonuses, a complex and poorly understood subject. It is easy to announce that incentives will reflect not only success but also how success was achieved. But there is an important information asymmetry. It is hard for leaders reliably to know how success was actually achieved - whereas it is easy for peers to know the truth. Thus a high achiever, known by his peers to be cutting corners, may be rewarded by leaders who think he is 'doing the right thing'. The effect will be as corrosive as leaders' double standards.

This highlights a broader problem of implementation missed by the Forum. All
organisations run on people power, and it is the behaviour of people, collectively and individually, that typically makes and breaks organisations. However, few if any organisations systematically capture,
let alone manage, people risks whether from the leadership or elsewhere. This is a clearly identified hole in risk management systems. As Anthony Hilton put it, "The ... issue for boards
having set a culture is how to know with
confidence that its values really are being lived throughout the
organisation. What does success look like and how do they measure it?"

The City Values Forum's latest proposals are blind to this
fundamental problem of implementation even though it was drawn to their attention two years ago. That is a missed opportunity.

Thursday, 3 October 2013

Are bonuses damaging economic growth? Anthony Hilton suggests they
are. We think this is part of a much larger, and pernicious, problem.

We have been pioneers in showing how unintended incentives can destroy companies. In 'Deconstructing failure - Insights for boards' we went on to discover that it was a root cause of failure in 40% of cases, 60% in the financial sector.

The central point is that the design of most bonus schemes has two effects on the C-team's behaviour.

First, sacrificing greater long-term growth by not investing now
produces bigger and more certain bonuses in the short term. So that is
what too many C-Suite teams do.

Second, if you have a cash pile, the most reliable way to a bigger
bonus short-term is buying back shares in an attempt to increase
earnings per share - though it doesn't always work.

This behaviour makes sense to CEOs who understand about discounting cash
flows on large future bonuses - and the grim statistic that the average
CEO tenure is usually below 4 years. It is the obvious route to the
probability of larger bonuses under many bonus schemes.

But don't blame the C Suite. They are only human and are behaving just
as all humans can be expected to behave. The risk that they will
respond to bonuses in this way is a ubiquitous, if largely unrecognised,
board vulnerability.

So who is to blame? The answer lies between Remuneration Committees,
who set the bonuses, the professional remuneration advisers who advise
Remuneration Committees and Institutional Investors who fail to
challenge Remuneration Committees that set flawed incentives. (I have
left Chief Risk Officers and Risk Directors off the list because whilst
they might have the know-how to see the risk, their hierarchical status
below the C-suite makes it impossible to raise the subject without
putting their careers in jeopardy.)

The largest part of the blame, however, probably attaches to
remuneration consultants. How many have taken the time to explain to
Remuneration Committees how short term bonus schemes risk generating
short termism in the C-Suite? And which remuneration consultant has
explained how larger bonuses actually seem to work. As Dan Ariely has discovered, bigger bonuses seem to produce worse performance, not better, when it comes to mentally demanding work (as opposed to mechanical or manual tasks).

This is part of a bigger problem, the hole in the "three lines of defence"
approach to risk control. The name has a reassuring ring about, but
the concept isn't designed systematically to find, let alone deal with,
risks related to how humans actually behave. Nor is it a remotely
suitable concept to deal with board-level vulnerabilities. No-one below
board level can deal with them.

Sunday, 29 September 2013

Two years ago, I asked whether the Civil Service's top mandarins are competent. I discussed two pieces of evidence suggesting that they have a reputation for incompetence among those who deal most closely with them. A third suggested that this reputation is deserved.

Two recent books have brought the subject back into focus. Both consider the role of politicians as well as mandarins. Both are on my reading list on the strength of the experience of the authors and the reviews. Here is a taster based on the reviews. I'll write again when I've read the books.

"Conundrum pitches itself as an examination of the failures of government, but
it is primarily about the failures of government procurement....One of the most interesting areas they cover is the relationship between civil
servants and the politicians who, nominally, oversee them. In my experience,
the majority of career civil servants regard politicians as meddling
dilettantes, while politicians regard most civil servants as obstructive
bureaucrats. It’s pleasing to find Hope and Bacon confirming that view"

The second book is 'The Blunders of our Governments' by Anthony King and Ivor Crewe. The authors are eminent professorial political scientists of an age to have allowed each of them many decades observing the machinery of government.

According to the The Financial Times review by Philip Stephens, the book shatters the delusion of UK public administrators that British government is of 'Rolls Royce' quality. Rather, through a "sometimes grimly entertaining" catalogue of public policy disasters
over the past several decades, the authors show that Britain's public administration is characterised by "predictable and predicted blunders".

Not content with that, the authors explain that blunders are not the same as mistakes.
"Mistakes count as
blunders when they are stupid and careless – driven by some combination
of hubris, laziness, wilful ignorance or sheer incompetence."

Both books appear to assert not only the incompetence of senior civil servants but also of the their political masters of all colours and persuasions. It is no consolation that private sector failures display similar weaknesses, as was demonstrated by 'Roads to Ruin', the Cass Business School report for Airmic.

Is it too much to expect that the Civil Servants' leaders address weaknesses such as these? Sadly, yes. Cognitive biases make it hard for us all to see our own shortcomings, and civil servants and politicians are as human as you and I. Overcoming this weaknesses requires a new attitude.

Until mandarins appreciate that they 'may' - the above authors would say 'do' - lie at the root cause of unacceptable behavioural and organisational risks, they will not allow investigation of their own weaknesses. The signs are that mandarins are still in denial. And it is far too dangerous for their subordinates to enlighten them of their weaknesses. That is why suggestions that the Treasury's Orange Book on risk management needs revision to include behavoural and organisational risks have been ignored.

Once they have achieved acceptance that they may be part of the problem, mandarins will need a new tool. In 'Deconstructing failure - Insights for boards', a report by Reputablity, we proposed a new tool to deal with the parallel weakness in company boards: the Board Vulnerability Evaluation. Adapted to the Civil Service departmental leadership teams, this would help civil service leaders and their political masters to:

identify sources of risk within and outside the leadership that may impair leadership effectiveness, including risks from inadequate information flows to and from the leadership;

analyse the potential consequences of these risks and weaknesses individually, in combination and in combination with other risks;

prioritise action to mitigate these risks;

set risk appetite, and

gain insights as to the extent to which behavioural and organisational risks elsewhere in the organisation need investigation.

It is too often an unnecessary tragedy when a government project fails and the cost falls on the public purse. But it will only be when influential insiders come to recognise the nature and scale of the problem, and their central role in it, that these apparently widespread weaknesses will be addressed.

Wednesday, 11 September 2013

A 'Three lines of Defence' risk management model sounds reassuring, but it contains a flaw.

The model was
implicitly endorsed by the UK's now defunct Financial Services Authority in 2003 and is still characterised as “sound
operational risk governance” by the Basel Committee on Banking Supervision,
failed to prevent the recent financial sector crisis.

‘Three lines of defence’, ubiquitous in financial services
and widespread elsewhere, actually has four layers. Line managers deal with risks as they take
them. Centralised teams monitor and
report on risk to the CEO’s team and to the board.Internal and external auditors should bring
an independent view.And the whole is
overseen by non-executive directors, typically the Audit or Risk Committee.

The Parliamentary Commission on Banking Standards recently
criticised the model, for promoting a ‘wholly misplaced sense of security’,
blurring responsibility, diluting accountability and leaving risk, compliance
and internal audit staff with insufficient status to do their job
properly.They thought much of the system
had become a box-ticking exercise.

The Commission has correctly identified a failure in
implementation of the model, but the model has a deeper, more dangerous flaw
because it takes no account of the evidence on the real root causes of
failures.

Most major institutional disasters lead to an inquiry. But
as Anthony Hilton, the City commentator sagely remarked:-

“Inquiries are rarely the answer
because it is in the nature of inquiries to stop just at the point when they
get interesting; in other words they stop when they have found someone to
blame. Not for nothing did the late management guru Peter Drucker say that too
often the first rule in any corporate disaster was to find a scapegoat. So
inquiries focus on the processes within an organisation until they find some
hapless individual or group who departed from the manual.”

We have been deeply involved in two recent studies of the
root causes of major crises and failures.We were two of the four authors of ‘Roads to Ruin’, the Cass Business
School report for Airmic.More
recently, we doubled the scale of the study, publishing our conclusions as
Reputability’s report ‘Deconstructing failure – Insights for boards’.Taken together these seminal reports dig to
the root causes of over 40 major crises and failures, spread across the
financial and non-financial sectors and involving companies with collective pre-crisis
assets beyond the GDP of the USA.The
reports bring a new, and fundamentally different, insight into why large,
respected companies fail.The patterns
of failure revealed show that the ‘three lines of defence’ model failed because
of a fundamental gap in risk management.

Our breakthrough is the recognition that the root causes of
almost all the crises and failures we studied emerge from normal human
behaviour and the way in which humans are organised and led within firms.We call these previously unrecognised risk
areas ‘Behavioural’ and ‘Organisational’ risks, collectively ‘People’
risks. (Since we wrote this article Andrew Bailey, then Chief Executive of the Bank of
England's Prudential Regulation Authority, put this robustly in his speech on 9 May 2016.)

People risks lie at the root of all the failures studied for
‘Deconstructing failure’ both in the financial sector and outside it.But ‘three lines of defence’ provides no
defence against people risks in general, still less against people risks within
or emanating from the board, because risk management systems don’t go there.Risk management hasn’t yet evolved
systematically to take in people risks, so few risk professionals understand
them; and the most important risks are also too hot to handle because they
emanate from boards.

With these insights it is no surprise that the doctrine
failed to prevent the last banking crisis.Nor will it prevent the next one – or crises in other sectors.

These gaps have to be filled if boards and regulators are to
be able to sleep at night.Two developments
are required. The first is to develop a cadre of risk professionals with skills
in people risks, the main drivers of reputational damage and corporate collapse.

But that will not deal with the issue of vulnerabilities in
or emanating from boards that regularly bring organisations to their
knees.For that, a second development is
essential.Boards need new tools that
will both assess risks in and caused by the board; and help boards to overcome
the cognitive biases that make it hard for all of us to see ourselves as others
can.

In ‘Deconstructing failure’ we recommend a new tool to meet
this need.We call it the ‘Board Vulnerability Evaluation’ (and we have now done the work to develop it).The tool is designed to help chairmen and
their Boards to:-

Systematically understand and identify potential
sources of corporate vulnerability within and outside the board, including people
risks and risks from inadequate information flows to and from the board;

analyse the potential consequences of these
risks and weaknesses individually, in combination and in combination with other
risks;

prioritise and galvanise action where needed to
mitigate these risks;

set risk appetite, and

gain insights as to the extent to which people
risks elsewhere in the organisation need investigation.

It is a tragedy when a respected company fails and the cost
can be catastrophic.Board Vulnerability
Evaluation will give Boards the opportunity to find, prioritise and where
appropriate deal with these unrecognised but potentially devastating risks
before they cause serious harm.

However, I’m pleased to report that the CQC has taken a bold step in the right direction, in carrying out and now publishing a highly critical review of their organisation, 'Exploring bullying and harassment at the CQC’

"Exploring bullying and harassment at the CQC"

The review highlights allegations of a culture of bullying and harassment under the previous leadership. Publishing the results and addressing the issue head-on is the right way to deal with it.

The failings are all too familiar to us both from our work and as summarised in our latest report ‘Deconstructing failure – Insights for boards’. The report appears to highlight three major problem areas at the CQC:

A failure of leadership to create the right ethos and culture

A dominant leader not welcoming challenge

Risks arising from incentives/targets set by leaders - in this case with the added fear of penalties for failure

Since the review did not pretend to make a root cause analysis of the problems at the CQC, it does not comment on other fundamental risks that may have been at work at the CQC, such as an ineffective board, a board lacking key skills, poor information flows to the board, organisational complexity and board blindness to key risks to their licence to operate.

Finding a solution

From my experience as a regulatory chief executive, a particularly interesting aspect is the collected views of staff on "What would it be like to work here, if things changed for the better." It is our experience that when things are not right, insiders still know what “good” would look like – if only someone is prepared to listen to them.

This list of staff aspirations will help the new management team in the cultural change programme that should be the next step. It will not be easy, or quick, but given time and sound leadership, such a programme should ensure dramatic improvement in the work of this much criticised regulator. Politicians must allow management enough time to bring about the necessary changes.

A better future?

I look forward to a future when the CQC is admired and respected by all its stakeholders, and the NHS has learned that the best way to achieve high standards is to regulate their own organisation to observe the highest standards, and invite the regulator to approve what they have done. This has been the guiding principle for the aviation industry, and has been adopted all around the globe with the result that the flight safety system is not an issue of public concern. Let's hope the CQC and the NHS will learn from best practice wherever it is found.